c0788e1f8c7cb4824c254c8ca33f4fc17c2d31b9d63e209f580f4a2b806cbe60[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c0788e1f8c7cb4824c254c8ca33f4fc17c2d31b9d63e209f580f4a2b806cbe60.zip.zip
Size

129KB
MD5

b87a86cae17a88d283007553ff208a3b
SHA1

e7cbde99c41bdd12cb36f1b492e7d25f9e135885
SHA256

129bd96f44c3ffcc7224a41b617b0b28fd3a47bbeb275945036987788cb2f7b7
SHA512

a3e86f55f27f24c6792318fec4aa718d48d63cbcfb1311d0510e1cd07972e5e4f3097b9e37a2b9cb9eaa4ebc30ee0af667c0218825514425a527be43e4f24ab9
SSDEEP

3072:Iyt6g6VnBPMw1COuoMs3WPgU+bdEef9EqCcFyOMaOXLkoJIST:Iycg6VBtORYWa27cIpgBST

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/TTDXEDIT.EXE	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SGMPlugin/TTDXEdit.dll
unpack002/TTDXEDIT.EXE
unpack002/modified.exe

Files

c0788e1f8c7cb4824c254c8ca33f4fc17c2d31b9d63e209f580f4a2b806cbe60.zip.zip
.zip

Password: infected
c0788e1f8c7cb4824c254c8ca33f4fc17c2d31b9d63e209f580f4a2b806cbe60.zip
.zip
CHANGES.TXT
README.TXT
SGMPlugin/TTDXEdit.dll
.dll regsvr32 windows:4 windows x86

1be56bbf96046ef4a1a6721bdcb84199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
ord618
ord650
_allmul
__vbaLateIdSt
ord652
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTDXEDIT.EXE
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modified.exe
.exe windows:1 windows x86

1c65dda11de98f9675eff0bc72947e28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA

kernel32

CloseHandle
CreateEventA
CreateFileA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointer
SetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteConsoleA
WriteFile

Sections

AUTO
Size: 28KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1be56bbf96046ef4a1a6721bdcb84199

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 232KB

UPX1 Size: 93KB - Virtual size: 96KB

.rsrc Size: 3KB - Virtual size: 4KB

1c65dda11de98f9675eff0bc72947e28

Headers

File Characteristics

Imports

user32

kernel32

Sections

AUTO Size: 28KB - Virtual size:

.idata Size: 1KB - Virtual size:

DGROUP Size: 4KB - Virtual size:

.bss Size: 2KB - Virtual size:

.reloc Size: 2KB - Virtual size:

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 232KB

UPX1
Size: 93KB - Virtual size: 96KB

.rsrc
Size: 3KB - Virtual size: 4KB

AUTO
Size: 28KB - Virtual size:

.idata
Size: 1KB - Virtual size:

DGROUP
Size: 4KB - Virtual size:

.bss
Size: 2KB - Virtual size:

.reloc
Size: 2KB - Virtual size: